This is an archived copy of the Xen.org mailing list, which we have preserved to ensure that existing links to archives are not broken. The live archive, which contains the latest emails, can be found at http://lists.xen.org/
Home Products Support Community News


Re: [Xen-users] UPATED xenbr0 doesn't have an IP (should it?!)

Stuart Rench wrote:
So now I am convinced that something in iptables and nat has gone
awry...but I am EXTREMELY weak on IPTABLES...

If I were to flush all dom0 iptables to start from scratch, what is a
bare minimum to allow for the following basic network architecture?

Gateway -
XenServer -
Virtual Server -

Anyone else on my network - 10.0.0.x

The main thing that affects traffic to and from domU in dom0 is the FORWARD chain in the filter table: if you flush this (iptables -F FORWARD) then the usual default policy is ACCEPT which means that traffic can be forwarded. The default rule that permits traffic from some source vifX.0 phydev is only needed when the table's policy is not ACCEPT or when there is some other rule in the FORWARD chain that rejects traffic.

You might find "iptables -I FORWARD 1 -j LOG" useful, although, be warned, this can generate a _lot_ of messages that will wind up in /var/log/messages, but you will be able to see what traffic iptables is seeing on that chain.

It's also possible that you have rules in some other table that are causing you trouble; running iptables-save will show you all the rules in all the chains in all the tables. You may have something odd in the nat table that is giving you grief.


Xen-users mailing list